Possible malware infection.


Solved by Xeno

Hello! I'm using Kaspersky Premium with a default deny intrusion prevention setup. I was looking at an obviously fake Adobe file for malware analysis (just uploading to sandboxes) when I had the file on my PC and double-clicked the archive to see what was inside. When I double-clicked, it didn't show the inside of the archive (I tried this twice, still nothing), and I am a bit concerned that the file might have actually run.

I have checked Intrusion Prevention; no file called "setup.exe" (which is what the file is) is there. I have also scanned with Kaspersky, Sophos, Malwarebytes, ESET, and Emsisoft; they have found nothing.

Should I be concerned about an infection? I don't think intrusion prevention would just stop working suddenly, but I am a bit concerned since the file has zero VirusTotal detections and wasn't picked up by Kaspersky via static detection.

https:// tria . ge/231230-azz71aagaj/behavioral2 in case you need the file, here it is.


Welcome to Kaspersky Community.

 

Why in the hell did You double-click on that unknown archive not being inside a virtual machine? 🤦‍♂️🤦‍♂️🤦‍♂️🤦‍♂️🤷‍♂️🙄

 

Aren't you ever going to learn?

 

If You have default deny setup (I know You know my default deny settings guide), probably no file was executed if it is unknown to KSN and / or it is not digitally signed, it was a compressed file or?

 

Can You send me the file via personal message of the community?


  • Solution
8 hours ago, harlan4096 said:

Welcome to Kaspersky Community.

 

Why in the hell did You double-click on that unknown archive not being inside a virtual machine? 🤦‍♂️🤦‍♂️🤦‍♂️🤦‍♂️🙄

🤷‍♂️

Aren't you ever going to learn?

 

If You have default deny setup (I know You know my default deny settings guide), probably no file was executed if it is unknown to KSN and / or it is not digitally signed, it was a compressed file or?

 

Can You send me the file via personal message of the community?

Hello, the file was a .rar that I double-clicked. I wasn't trying to execute it, I was trying to see what's inside of the archive.

I've handled this issue on my own though. I've checked the hash of the executable (it's unknown to Kaspersky or VT), meaning it would be placed in a restricted group. This archive was also password protected, and I never entered a password for it 🤦‍♂️. If you somehow can execute a password protected file without the password, let me know :D.

Harlan, don't worry, I won't be messing with malware again. I've realized most of the times I do it, I ask for people's help to ensure I'm not infected and it's not worth the time for them or for me.

Edited by Xeno

  • 5 months later...

 I get that uneasy feeling. It's like playing detective with your own PC, right? Intrusion prevention can be a real hero, but it's always nerve-wracking when something slips through the cracks. You've done the right thing by running those scans, though.


On 6/3/2024 at 10:43 AM, Luiscongo1 said:

 I get that uneasy feeling. It's like playing detective with your own PC, right? Intrusion prevention can be a real hero, but it's always nerve-wracking when something slips through the cracks. You've done the right thing by running those scans, though.

You know, I once had a similar scare. Turned out the file was just a clever decoy, but it kept me on edge for a while. Have you considered looking into malware persistence techniques? Sometimes, those sneaky bugs find their way into the system without leaving a trace at first glance. It might offer some peace of mind to dive a bit deeper.

Edited by Luiscongo1